A Scalable Decomposition Method for the Dynamic Defense of Cyber Networks

We investigate the problem of defending a cyber network against progressive attacks from an adversary. The defender cannot perfectly observe the attacks or the network's security status and must instead use its imperfect observations to determine a defense strategy. The defender's imperfect information is assumed to be non-probabilistic. The defender therefore takes a conservative (minmax) approach to defending the network, attempting to construct a defense policy that minimizes the worst-case damage. Determining an optimal minmax defense strategy proves to be computationally intractable even for small-scale networks. To address this dimensionality issue, we propose a scalable decomposition method that constructs multiple local defense problems, each equipped with a corresponding local defense policy. The local defense policies communicate information with one another with the goal of achieving network-wide security. The local defense problems are constructed from a decomposition of the network into clusters. For the decomposition, we use the notion of an influence graph to describe the dependencies among the security states of the network's nodes. These dependencies, along with the available computational capability, are used to determine clusters of nodes, with each cluster corresponding to a local defense problem. After the clusters are specified, we design the information structure of the network, that is, the information each local defense problem has over time to defend its own cluster; this information includes the data the local defense problem gathers from the environment along with the data communicated by the other local defense policies. We illustrate the decomposition methodology with an example.
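As an added illustration (not code from the paper), the sketch below walks through the decomposition the abstract describes on a constructed influence graph: nodes are clustered under a per-cluster size cap that stands in for the available computational capability, and the cross-cluster dependencies then define the information each local defense policy must receive from its neighbours. The greedy agglomerative clustering and the sample graph are assumptions made here; the paper does not prescribe this particular clustering rule.

```python
from collections import defaultdict

# Constructed influence graph (assumption): edge (u, v, w) means the security
# state of node u influences the security state of node v with strength w.
INFLUENCE_EDGES = [
    ("web", "app", 0.9), ("app", "db", 0.8), ("web", "dns", 0.2),
    ("dns", "mail", 0.7), ("mail", "hr", 0.6), ("app", "hr", 0.1),
]

def build_graph(edges):
    """Return the node set and a symmetric map of total dependency strength per pair."""
    nodes, w = set(), defaultdict(float)
    for u, v, wt in edges:
        nodes.update((u, v))
        w[frozenset((u, v))] += wt
    return nodes, w

def cluster(edges, cap):
    """Greedy agglomerative clustering: repeatedly merge the two clusters joined by the
    heaviest total influence, as long as the merged cluster fits the per-local-problem
    capacity `cap`. Clusters with no dependency between them are never merged."""
    nodes, w = build_graph(edges)
    clusters = [frozenset([n]) for n in sorted(nodes)]
    while True:
        best, best_w = None, 0.0
        for i in range(len(clusters)):
            for j in range(i + 1, len(clusters)):
                a, b = clusters[i], clusters[j]
                if len(a) + len(b) > cap:
                    continue  # merged local problem would exceed the capacity
                cut = sum(w[frozenset((x, y))] for x in a for y in b)
                if cut > best_w:
                    best, best_w = (i, j), cut
        if best is None:
            return clusters
        i, j = best
        merged = clusters[i] | clusters[j]
        clusters = [c for k, c in enumerate(clusters) if k not in (i, j)] + [merged]

def information_structure(edges, clusters):
    """For each cluster, list the influence edges entering it from other clusters: these are
    the external security states its local defense policy must be told about, on top of
    what it observes inside its own cluster."""
    owner = {n: idx for idx, c in enumerate(clusters) for n in c}
    incoming = {idx: [] for idx in range(len(clusters))}
    for u, v, wt in edges:
        if owner[u] != owner[v]:
            incoming[owner[v]].append((u, v, wt))
    return incoming
```

With a cap of 3 the sample graph splits into {web, app, db} and {dns, mail, hr}, and only the second cluster depends on state communicated from the first (via the weak web→dns and app→hr edges); lowering the cap to 2 leaves db and hr as singleton local problems.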
